"""
Case Type   : gs_checkse工具功能
Case Name   : 验证通过-h参数指定需要检查的节点ip
Create At   : 2025/02/13
Owner       : sungang
Description :
    1、mount | grep "proc on /proc" | grep hidepid命令查看
    2、通过gs_checkse -i A9 --detail进行安全检测
    3、在root下执行命令mount -o remount,rw,nosuid,nodev,noexec,relatime,hidepid=2 /proc修复
    4、gs_checkse -i A9 --detail再次检测
Expect      :
    1、返回为空
    2、打印告警信息Warning reason:Ensure process information is hidden from other users.This ensures that only the root user can view all processes, while regular users can only see their own processes. This helps prevent the leakage of user process information and enhances the security of the database operating environment.
    3、执行成功
    4、返回normalChecking items    A9. [ Runtime environment configuration ]                   : NormalTotal numbers:1. Abnormal numbers:0. Warning numbers:0.
History     :
"""
import os
import unittest

from testcase.utils.Logger import Logger
from testcase.utils.Common import Common
from testcase.utils.Common import CommonSH
from yat.test import Node
from yat.test import macro


class GS_CHECKSE(unittest.TestCase):
    def setUp(self):
        self.log = Logger()
        self.log.info(f'----{os.path.basename(__file__)} start----')
        self.user_node = Node('PrimaryDbUser')
        self.root_node = Node('PrimaryRoot')
        self.common = Common()
        self.env_path = macro.DB_ENV_PATH

    def test_gscheckse(self):
        text = '-----step1:mount | grep "proc on /proc" | grep hidepid命令查看;expect:返回为空-----'
        self.log.info(text)
        sql_cmd = f"mount | grep 'proc on /proc' | grep hidepid"
        self.log.info(sql_cmd)
        sql_res = self.common.get_sh_result(self.user_node, sql_cmd)
        self.log.info(sql_res)
        self.assertEqual(f"", sql_res, '执行失败' + text)

        text = '-----step2:通过gs_checkse -i A9 --detail进行安全检测;expect:打印告警信息Warning reason:Ensure process information is hidden from other users.This ensures。。。-----'
        self.log.info(text)
        sql_cmd = f"source {self.env_path};gs_checkse -i A9 --detail"
        self.log.info(sql_cmd)
        sql_res = self.common.get_sh_result(self.user_node, sql_cmd)
        self.log.info(sql_res)
        self.assertIn(
            f"Warning reason:Ensure process information is hidden from other users.This ensures that only the root user can view all processes",
            sql_res, '执行失败' + text)

        text = '-----step3:在root下执行命令mount -o remount,rw,nosuid,nodev,noexec,relatime,hidepid=2 /proc修复;expect:执行成功-----'
        self.log.info(text)
        sql_cmd = f"mount -o remount,rw,nosuid,nodev,noexec,relatime,hidepid=2 /proc"
        self.log.info(sql_cmd)
        sql_res = self.common.get_sh_result(self.root_node, sql_cmd)
        self.log.info(sql_res)
        self.assertEqual(f"", sql_res, '执行失败' + text)

        text = '-----step4:gs_checkse -i A9 --detail再次检测;expect:进程信息对其他用户不可见告警消失-----'
        self.log.info(text)
        sql_cmd = f"source {self.env_path};gs_checkse -i A9 --detail"
        self.log.info(sql_cmd)
        sql_res = self.common.get_sh_result(self.user_node, sql_cmd)
        self.log.info(sql_res)
        self.assertIn("A9. [ Runtime environment configuration ]", sql_res, '执行失败' + text)
        self.assertNotIn(
            f"Warning reason:Ensure process information is hidden from other users.This ensures that only the root user can view all processes",
            sql_res, '执行失败' + text)

    def tearDown(self):
        text = f"root下执行mount -o remount,rw,nosuid,nodev,noexec,relatime,hidepid=0 /proc，保证用例可重复执行"
        self.log.info(text)
        sql_cmd = f"mount -o remount,rw,nosuid,nodev,noexec,relatime,hidepid=0 /proc"
        self.log.info(sql_cmd)
        sql_res = self.common.get_sh_result(self.root_node, sql_cmd)
        self.log.info(sql_res)
        self.assertEqual(f"", sql_res, '执行失败' + text)
        self.log.info(f'----{os.path.basename(__file__)} end----')
